Uploaded image for project: 'Calcite'
  1. Calcite
  2. CALCITE-6280

Jetty version number leaked by Avatica http server

    XMLWordPrintableJSON

Details

    Description

      Unauthorised access to HTTP server using curl returns the Jerry server version.  See sample response below

      <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Unauthorized</title>
</head>
<body><h2>HTTP ERROR 401 Unauthorized</h2>
<table>
<tr><th>URI:</th><td>/</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>Unauthorized</td></tr>
<tr><th>SERVLET:</th><td>-</td></tr>
</table>
<hr/><a href="https://eclipse.org/jetty">Powered by Jetty:// 9.4.44.v20210927</a><hr/>
</body>
</html>

       

      For security reason, it's not advisable to return server version in the response.

       

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-24054 The Jetty's version number leak occurred while using the thrift service

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link GitHub Pull Request #239

          Activity

            People

              vjoshi Vaibhav Joshi
              vjoshi Vaibhav Joshi
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 10m
                  1h 10m